Exam 350-401 All QuestionsBrowse all questions from this exam
Question 983

An engineer must configure AAA on a Cisco 9800 WLC for central web authentication. Which two commands are needed to accomplish this task? (Choose two.)

    Correct Answer: A, E

    To configure AAA on a Cisco 9800 WLC for central web authentication, the commands required are used to enable RADIUS dynamic authorization and to allow AAA override for the specific WLAN. The command 'aaa server radius dynamic-author' enables RADIUS dynamic authorization which is essential for Change of Authorization (CoA). The command 'config wlan aaa-override enable <wlan-id>' is needed to enable AAA override for the specified WLAN, making it possible to customize authentication and authorization settings. These commands are fundamental to set up central web authentication effectively on a Cisco 9800 WLC.

Discussion
yasmiineOptions: AD

Anwser AD. Réf: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.pdf

IgorLVGOptions: AD

ref: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html Here is the relevant part of the configuration of the WLC that corresponds to this example: aaa new-model ! aaa authorization network CWAauthz group radius aaa accounting identity CWAacct start-stop group radius ! aaa server radius dynamic-author client <ISE-IP> server-key cisco123 ! aaa session-id common ! ! radius server ISE-server address ipv4 <ISE-IP> auth-port 1812 acct-port 1813 key cisco123 ! ! (check the rest in the URL) so: ANS: AD

masrurOptions: AD

Configures the Change of Authorization (CoA) on the controller. # aaa server radius dynamic-author Specifies a RADIUS client and the RADIUS key to be shared between a device and a RADIUS client. # client 123.123.134.112 server-key 0 SECRET

you_Options: AD

Going through elimination I think the answer is AD

dc583a7Options: AD

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-14/config-guide/b_wl_17_14_cg/m_vewlc_central_web_authentication.html Configuring AAA for Central Web Authentication

joseromerogarciOptions: AD

B, C and E does not exist in a 9800 WLC ???????-WLC#configure ? confirm Confirm replacement of running-config with a new config file memory Configure from NV memory network Configure from a TFTP network host overwrite-network Overwrite NV memory from TFTP network host replace Replace the running-config with a new config file revert Parameters for reverting the configuration terminal Configure from the terminal <cr> <cr>

SeMo0o0oOptions: AD

A & D are correct

AdalbertoOptions: CD

C and D are the answers

AdalbertoOptions: AE

To configure AAA on a Cisco 9800 WLC for central web authentication, you’ll need the following two commands: Device(config)# aaa server radius dynamic-author: This command enables the RADIUS dynamic authorization feature and enters dynamic authorization local server configuration mode1. (Cisco Controller) > config wlan aaa-override enable <wlan-id>: This command enables AAA override for a specific WLAN, allowing you to apply custom authentication, authorization, and accounting (AAA) settings for that WLAN1. Remember to adjust the <wlan-id> placeholder with the actual WLAN ID you want to configure. These commands will help you set up central web authentication effectively on your Cisco 9800 WLC. 🛡️

felix_simonOptions: AC

A, C is OK https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/central-web-authentication.html

IdaklesiewiczOptions: CE

C and E. You will never see A on a wireless controller CLI. That’s a Switch/Router.

Idaklesiewicz

Or maybe it should be A and B actually..

Idaklesiewicz

From Cisco A and E are correct. Step 1 aaa server radius dynamic-author Example: Device(config)# aaa server radius dynamic-author Configures the Change of Authorization (CoA) on the controller. Step 2 client ISE-IP-add server-key radius-shared-secret Example: Device(config-locsvr-da-radius)# client 123.123.134.112 server-key 0 SECRET

RickAO76Options: AE

A and E (In my Opinion) A - configures the WLC to use RADIUS for dynamic authorization (correct) B - diables AAA override (central web auth, we should want AAA override) C - configures a RADIUS accounting server (logging, not used for authentication) D - appears to be configuring a local RADIUS server on device, rather then setting up central web auth. E - enables AAA override for the WLAN, allowing WLC to use AAA for client authentication/authorization

RickAO76

- Okay, yeah - I'm not sure of this one :( - forgive me